Security teams struggle to contain web application vulnerabilities or find the time to patch them because organisations adopt DevOps processes without considering how and where security should be applied.